SUSE-SU-2025:4057-1

Advisory lineage Upstream: 462 Downstream: 0
Published: 11 Nov 2025, 18:36
Last modified:04 Feb 2026, 02:23

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 Nov 2025, 18:36
Published
Vulnerability first disclosed
04 Feb 2026, 02:23
Last Modified
Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815). - dpll: Make ZL3073X invisible (bsc#1252253). - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix build failure (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nvme-auth: update bi_directional flag (git-fixes bsc#1249735). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112). - platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112). - platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112). - platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112). - platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112). - platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112). - platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112). - platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112). - platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112). - platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469) Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default configurations, but keep it disabled for kvmsmall configurations. For ppc64 and s390x drivers was not enabled, so keep it that way. Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list. - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).

Affected Systems

  • susekernel-64kb&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 6.4.0-150700.53.22.1.150700.17.15.1

  • susekernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-default&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-default&distro=SUSE Linux Enterprise Module for Legacy 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-docs&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-livepatch-SLE15-SP7_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP7

    < 1-150700.15.3.1

  • susekernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-source&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-source&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-syms&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

    < 6.4.0-150700.53.22.1

  • susekernel-zfcpdump&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 6.4.0-150700.53.22.1

References (970)